Firefox 瀏覽器附加元件
  • 擴充套件
  • 佈景主題
    • 用於 Firefox
    • 字典與語言套件
    • 其他瀏覽器網站
    • Android 版的附加元件
登入
JSXtract 預覽

JSXtract 作者: Device1

JSXtract is a security research tool used to pull various type of data from JS files that exist within a selected tab.

0(0 筆評分)0(0 筆評分)
1 位使用者1 位使用者
下載 Firefox 並安裝擴充套件
下載檔案

擴充套件後設資料

關於此擴充套件
This tool is a great way to get an initial look on what may exist within the application. You can use the tool to get some basic data such as urls, endpoints and parameters or get a good initial look of sinks, postmessages and then go deeper from there etc.

How it's used
- First the user should open dev tools and check which domains the JS files of the application are from i.e. netflix uses nflxext.com, in which case you'd place something like "nflx" into the whitelist input (this input is comma separated array i.e. nflx,netflix), which will then get all JS files from sources which include "nflx" in them. The whitelist was created to separate thirdparty JS from the applications JS files.
- Second you'd press start and a new tab called "results" opens up in your browser which allows you to see the data which we're found through various regex.

Results
- Urls
- Endpoints
- Parameters
- Sinks (various sinks with a bit of context)
- PostMessages (These also have a bit of context)
- Misc. (These are values of .get() & .set() with some context)

The regex used
Urls: > /https?:\/\/[a-zA-Z0-9.-_\/\${}:]+/g

Endpoints: > /(?<=[\"\'])\/[a-zA-Z0-9-._\/\${}:]{2,}/g

Parameters: > /(?<=\?)[a-zA-Z0-9-_]{2,}(?==)/g

Misc.: > /[()[]{}\w]{0,20}.[sg]et([\"\'][^\"\']+[\"\'][^)]*)/g

Sinks: > /document.(write(ln)([^)]+)|domain\s?=\s?[^;)]}]{1,300})|.(innerHTML|outerHTML|insertAdjacentHTML|onevent|srcdoc)\s?[=]\s?[^;]{1,300};|dangerouslySetInnerHTML[=:]\s?{?[^;}]{1,300}[;}]|location.(host|hostname|href|pathname|search|protocol)\s?=[^;]{1,300};|location.(assign(|replace()[^)]{1,300})|document.cookie\s?=\s?[^;]{1,300};|(eval(uate)?|execCommand|execScript)([^)]+)|.(href|src|action)\s?=\s?[^;]{1,300};|FileReader.(readAsArrayBuffer|readAsBinaryString|readAsDataURL|readAsText|readAsFile|root.getFile)([^)]{1,300})/g

PostMessages: > /postMessage(.{1,300});|addEventListener([\'\"]message[\'\"].{1,300});/g

Github
https://github.com/Antp1k/jsxtract/
由 1 位評論者給出 0 分
登入後即可幫此擴充套件評分
目前沒有評分

已儲存星等

5
0
4
0
3
0
2
0
1
0
還沒有評論
權限與資料

必要權限:

  • 存取瀏覽器分頁

選用的權限:

  • 存取您所有網站中的資料
了解更多
更多資訊
版本
1.0
大小
10.96 KB
最近更新
10 個月前 (2025年5月4日)
相關分類
  • 隱私權與安全性
授權條款
MIT License
版本紀錄
  • 瀏覽所有版本
新增至收藏集
檢舉此附加元件
前往 Mozilla 官網

附加元件

  • 關於
  • Firefox 附加元件部落格
  • 擴充套件工作坊
  • 開發者交流中心
  • 開發者政策
  • 社群部落格
  • 討論區
  • 回報 Bug
  • 評論撰寫指南

瀏覽器

  • Desktop
  • Mobile
  • Enterprise

產品

  • Browsers
  • VPN
  • Relay
  • Monitor
  • Pocket
  • Bluesky (@firefox.com)
  • Instagram (Firefox)
  • YouTube (firefoxchannel)
  • 隱私權
  • Cookie
  • 法律資訊

除另有註明外,本站內容皆採用創用 CC 姓名標示—相同方式分享條款 3.0 或更新版本授權大眾使用。